DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

Unused Struct and Inefficient Data Storage in likeUser Function

Summary

The Like struct in the LikeRegistry.sol contract is defined but never used. Instead of storing Like objects, the contract only keeps a likes mapping.
Additionally, the timestamp field is included in the struct but is never utilized. This results in unused storage definitions without functional benefits.

Vulnerability Details

The struct is never instantiated or stored in the LikeRegistry::likeUser function or elsewhere. Instead, the contract uses a mapping:

    mapping(address => mapping(address => bool)) public likes;

Impact

  • Increased contract size due to unused code.

  • Unnecessary complexity in the contract structure.

  • Missed opportunity to store valuable data (e.g., timestamps for tracking likes).

Tools Used

  • Manual code review

Recommendations

  1. Remove the Unused Struct
    If Like is not required, remove it entirely to reduce contract size and improve readability.

  2. Implement the Struct Properly (If Needed)
    If tracking likes with timestamps is useful, modify likeUser to store Like objects:

    // Per-user history of likes, kept as Like structs alongside the likes mapping
    mapping(address => Like[]) public userLikes;

    function likeUser(address liked) external payable {
        require(msg.value >= 1 ether, "Must send at least 1 ETH");
        require(!likes[msg.sender][liked], "Already liked");
        require(msg.sender != liked, "Cannot like yourself");
        require(profileNFT.profileToToken(msg.sender) != 0, "Must have a profile NFT");
        require(profileNFT.profileToToken(liked) != 0, "Liked user must have a profile NFT");
        likes[msg.sender][liked] = true;
        userLikes[msg.sender].push(Like(msg.sender, liked, block.timestamp)); // Now storing the Like struct
        emit Liked(msg.sender, liked);
    }

  3. Use timestamp for Feature Enhancements
    If timestamps are needed, implement logic for time-based actions.
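
A quick way to check for this kind of dead declaration during manual review, as an added example (not part of the submission or the DatingDapp code base): a heuristic text scan that lists Solidity structs declared but never referenced again. The embedded contract excerpt is constructed, and the field names liker and liked are assumptions.

```python
import re

# Constructed excerpt modelled on the finding. Only `timestamp` is named in the
# report; the other field names are assumptions, not the project's source.
SAMPLE = '''
contract LikeRegistry {
    struct Like {
        address liker;
        address liked;
        uint256 timestamp;
    }
    // Like entries are never written anywhere
    mapping(address => mapping(address => bool)) public likes;

    function likeUser(address liked) external payable {
        likes[msg.sender][liked] = true;
    }
}
'''

# Same excerpt with the struct actually stored, as in recommendation 2.
FIXED = SAMPLE.replace(
    "likes[msg.sender][liked] = true;",
    "likes[msg.sender][liked] = true;\n"
    "        userLikes[msg.sender].push(Like(msg.sender, liked, block.timestamp));",
)


def strip_comments(src):
    """Drop /* */ and // comments so names mentioned there do not count as uses."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def unused_structs(src):
    """Return names of structs that are declared but never referenced again."""
    code = strip_comments(src)
    unused = []
    for m in re.finditer(r"\bstruct\s+([A-Za-z_]\w*)\s*\{", code):
        name = m.group(1)
        # Whole-word matches only, so `LikeRegistry` or `userLikes` do not
        # count as uses of `Like`; exactly one match is the declaration itself.
        if len(re.findall(rf"\b{re.escape(name)}\b", code)) == 1:
            unused.append(name)
    return unused


if __name__ == "__main__":
    print("before:", unused_structs(SAMPLE))
    print("after: ", unused_structs(FIXED))
```

This is a text heuristic, not a compiler-level analysis: it scans a single source string and does not handle `//` inside string literals or structs used only from other files.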

Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
